Git Product home page Git Product logo

bioram-sgx's People

Contributors

diwata11 avatar

Stargazers

avatar

bioram-sgx's Issues

Fail to run the ./run-SGXserver

My machine is SGX supported and enabled in BOIS. but somehow when i run ./run-SGXserver it says the system does not dispaly the result.
There are two problems:
./run-SGXserver: line 45: ./policy: No such file or directory
./run-SGXserver: line 113: ./SGXserver: No such file or directory
Is there any reason.

Thanks !Looking forward to your reply!

[security]user_key is leaked in enclave code

hi,sir
in file Enclave/Enclave.cpp:

sgx_status_t enclave_get_user_key(unsigned char *enc_user_key, size_t enc_user_key_len,
				  unsigned char *iv, size_t iv_len, sgx_aes_gcm_128bit_tag_t *tag)
{
  sgx_status_t ctx;
  sgx_ra_key_128_t k;
  
  sgx_status_t get_keys_ret = sgx_ra_get_keys(ctx, SGX_RA_KEY_SK, &k);
  if ( get_keys_ret != SGX_SUCCESS ) return get_keys_ret;
  
  unsigned char *user_key = (unsigned char*)malloc(16);
  sgx_status_t ret;
  
  //decrypt user's key that was used for encrypting source & data.
  ret = sgx_rijndael128GCM_decrypt(&k, enc_user_key, enc_user_key_len, user_key, iv, 12, NULL, 0, tag);
  
  print_hexstring(enc_user_key,16);
  print_hexstring(iv,12);
  print_hexstring((unsigned char*)tag,16);
  print_hexstring(user_key,16); // ==========================>decrypted user_key is leaked by invoking ocall
  
  //for security reason
  memset(user_key, 0x00, 16);
  free(user_key);
  
  return ret;
}

BUGs found

Stack overflow

buf is only 256 size, but vsnprintf can write up to BUFSIZ, cause stack overflow

BiORAM-SGX/Enclave/Enclave.cpp

Lines 104 to 113 in 6e8df40

int printf(const char* fmt, ...)
{
char buf[256] = { '\0' };
va_list ap;
va_start(ap, fmt);
vsnprintf(buf, BUFSIZ, fmt, ap);
va_end(ap);
ocall_print_string(buf);
return (int)strnlen(buf, BUFSIZ - 1) + 1;
}

Null Pointer Dereference

Although ptr is in, when it is null, TBridge will pass it to real ecall

BiORAM-SGX/Enclave/Enclave.edl

Line 33 in 6e8df40

public void cp_source([in, size=len]void *ptr, size_t len);

1687926479185

But in cp_source, not check ptr is not null

BiORAM-SGX/Enclave/Enclave.cpp

Lines 1052 to 1056 in 6e8df40

void cp_source(void *ptr, size_t len)
{
std::string sc = (const char*)ptr;
printf("%s", sc.c_str());
}

Fails to connect with SGX

My machine is SGX supported and enabled in BOIS. but somehow when i run ./run-SGX server it says the system does not support Intel SGX. fails to connect with SGX. Is there any reason

[security] Without verifying whether malloc is successful, write the user_key outside directly 

sgx_status_t enclave_get_user_key(unsigned char *enc_user_key, size_t enc_user_key_len,
				  unsigned char *iv, size_t iv_len, sgx_aes_gcm_128bit_tag_t *tag)
{
  sgx_status_t ctx;
  sgx_ra_key_128_t k;
  
  sgx_status_t get_keys_ret = sgx_ra_get_keys(ctx, SGX_RA_KEY_SK, &k);
  if ( get_keys_ret != SGX_SUCCESS ) return get_keys_ret;
  

  // doesn't check user_key  is not NULL
  unsigned char *user_key = (unsigned char*)malloc(16); 
  sgx_status_t ret;
  
  //decrypt user's key that was used for encrypting source & data.
  ret = sgx_rijndael128GCM_decrypt(&k, enc_user_key, enc_user_key_len, user_key, iv, 12, NULL, 0, tag);
  
  print_hexstring(enc_user_key,16);
  print_hexstring(iv,12);
  print_hexstring((unsigned char*)tag,16);
  print_hexstring(user_key,16);
  
  //for security reason
  memset(user_key, 0x00, 16);
  free(user_key);
  
  return ret;
}

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.